If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

integrity, ethics...pshaw, who needs 'em?

Here's a bright idea; apply to an ivy league school, read online how you can hack their web based software to find out early if you've been accepted, attempt to find out your fate only to learn they haven't made a decision about you yet, but because you exploited the vulnerability, you now are automatically rejected.

A computer hacker gained access to internal admissions records at Harvard, Stanford and other top business schools, then helped applicants log on and learn their fate weeks ahead of schedule, officials said Thursday.

Few of the people who followed the hacker's directions managed to find out if their applications have been accepted, according to school officials. But many of them could end up getting rejected now that the schools are checking to see who tried to exploit the security breach.

"Hacking into a system in this manner is unethical and also contrary to the behavior we expect of leaders we aspire to develop," said Steve Nelson, executive director of the MBA program at Harvard Business School.

...

"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --SpafAnyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

Harvard rejects applicants who peeked into admissions computer

Harvard Business School will reject 119 applicants who followed a hacker's instructions and peeked into the school's admission site to see if they had been accepted, the school's dean said. This behavior is unethical at best -- a serious breach of trust that cannot be countered by rationalization," Kim Clark said in a statement Monday. "Any applicant found to have done so will not be admitted to this school."

Carnegie Mellon's Tepper School of Business has already said it will reject those proven to have tried to peek at their files.

\"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn

Ok... could this just be a case of smart aggressive computing and not hacking?

What if...
You go to a page on your own assigned account and it has a link to your application results page. This opens another window which is nicely formatted with but in the center it says "Your Results have not been posted. Please check again." For whatever reason, you look at the script for that window. It says blah blah blah if x then display https://somewhere/results.doc else display https://somewhere/notyet.doc. If I cut and paste, I can see what is in results.doc.

Is this hacking? Is stopping this sort of thing by punishing this as an 'unethical breach' something we should stand up against?

Just yesterday someone on another forum asked about a problem accessing a Country Music Videos on CMT.com, he had the 'required' software and setup, but the window popped up saying 'we don't support you'. But a simple cut and paste from window that otherwise looked complete, showed the video in the same player as was requested. Now they might argue that they lost revenue because their script counts us as a viewer, or maybe adds a pop under, or otherwise does something they deem necessary to offer the content. Fair enough. But if I register and am willing to accept all that by clicking on the link and it didn't work for me, am I ethically obligated walk away? Am I an "evil unethical hacker" if I see the content?

What you describe is probably debatable. What is described in this article is NOT. My understanding is they had to intentionally change the URL or something that was not available simply by logging in and clicking on a button. It was overt; intent was established, by that action.

What you describe, sure. They screw up and don't protect the info, its their ass. We have a whole boatload of laws in the US that deal with this sort of thing. But if the visitor does something that they know will bypass the agreement they make with the school when they applied (read the paperwork and such for a school application...you'd be surprised what you are bound to) they're SOL.

"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --SpafAnyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

"Hacking into a system in this manner is unethical and also contrary to the behavior we expect of leaders we aspire to develop," said Steve Nelson, executive director of the MBA program at Harvard Business School.

And I wonder how many of his graduates worked for Enron

I am not saying they were right, but I find Nelson's hypocrisy too much.......................

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

not surprising

This doesn't really surprise me.

1) People are ignorant about security, and Internet technology in general. They probably thought it was completely safe, some of them may not have even known exactly what they were doing ( although I haven't seen the details of the technique... anyone have more info? )

2) It's not as if today's generation of Ivy-league applicants in the U.S. have much in the way of ethical role models to look up to. Look at Cheney/Enron/Worldcom, all the big corporate scandals, Bush the C-student and his constant lies, lack of concern for world consensus, the environment, kyoto treaty, etc. etc., the several convicted felons appointed to administration roles in the US, even Colin Powell lying to the UN, Martha freakin' Stewart, .... all the wealthy suit-wearing teleprompter-reading folks that embody the American versions of success and power seem to be lying, cheating bastards.

3) Of all those folks on The Apprentice, how many of them would you say would have tried this hack?

If those people are going to college then I should be president of the United States. I think they deserve everything that they got, and the schools did nothing wrong. Those people should also have been thrown in jail. Hacking into someones files that they don't want you to see is against the law. NO QUESTIONS ASKED.

Maybe schools should not keep people waiting so long, but you would think people coming out of high school would not be that stupid. Even if a college accepted them, how could they trust them to not cheat on tests?